General
Target: 7a1e33481b7164e593982cc8bca49b83_JaffaCakes118
Size: 120KB
Sample: 240527-xac3haeg42
MD5: 7a1e33481b7164e593982cc8bca49b83
SHA1: cbeb5da1d01ea56a990943cf27c3698770fe3d84
SHA256: ccff91f0cf57fc3901a024eab0a887f3ce63a3224b326c4cb1f284cc3f126b6d
SHA512: f1b4abfba68c2ee7a956f81065855809839a2c889382e98240f2851893a2daaf8a22305e98ebcd22ded4edd3d9fd60cde5ff3cc1867605313cd49b0b40a69ec9
SSDEEP: 1536:uCjGsIaJ4BPgPVLpmPzR5fQp3ER1XYk62HOX5H3GIJbEb1:oszC1k0zvOkrgd2Iqb1
Static task: static1
Behavioral task: behavioral1
  Sample: 7a1e33481b7164e593982cc8bca49b83_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 7a1e33481b7164e593982cc8bca49b83_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted family: guloader
URL: https://drive.google.com/uc?export=download&id=1BPx9dF6DggO5Qb7FQa0lwTupTGugkBrY
Targets
Target: 7a1e33481b7164e593982cc8bca49b83_JaffaCakes118
Size: 120KB
MD5: 7a1e33481b7164e593982cc8bca49b83
SHA1: cbeb5da1d01ea56a990943cf27c3698770fe3d84
SHA256: ccff91f0cf57fc3901a024eab0a887f3ce63a3224b326c4cb1f284cc3f126b6d
SHA512: f1b4abfba68c2ee7a956f81065855809839a2c889382e98240f2851893a2daaf8a22305e98ebcd22ded4edd3d9fd60cde5ff3cc1867605313cd49b0b40a69ec9
SSDEEP: 1536:uCjGsIaJ4BPgPVLpmPzR5fQp3ER1XYk62HOX5H3GIJbEb1:oszC1k0zvOkrgd2Iqb1
Score: 10/10
Signatures:
- Guloader payload
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
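The hashes and the extracted Google Drive URL above are the usable indicators from this report. The following is an added example (not part of the sandbox report or of any analysis tooling) of how a responder would turn them into a check: it hashes a directory tree and flags files whose MD5/SHA1/SHA256 match the report, and it pulls the Drive file id out of the config URL so proxy logs can be hunted for that specific download rather than blocking drive.google.com as a whole. The proxy log lines embedded in the block are constructed for illustration; the second Drive id in them is a placeholder, not an indicator from the page. SSDEEP comparison is deliberately left out because it needs the ssdeep library rather than the standard library.

```python
"""IOC sweep for the GuLoader sample in this report (added example, not from the report).

Hashes a directory of files and flags matches against the report's MD5/SHA1/SHA256,
and extracts the Google Drive file id from the extracted config URL so it can be
hunted for in proxy logs without blocking drive.google.com wholesale.
"""
import hashlib
from pathlib import Path
from urllib.parse import parse_qs, urlparse

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "7a1e33481b7164e593982cc8bca49b83",
    "sha1": "cbeb5da1d01ea56a990943cf27c3698770fe3d84",
    "sha256": "ccff91f0cf57fc3901a024eab0a887f3ce63a3224b326c4cb1f284cc3f126b6d",
}
PAYLOAD_URL = "https://drive.google.com/uc?export=download&id=1BPx9dF6DggO5Qb7FQa0lwTupTGugkBrY"

# Constructed proxy log lines for illustration only; the second file id is a placeholder.
SAMPLE_PROXY_LOG = [
    "2024-05-27T10:12:01Z 10.0.0.5 GET https://drive.google.com/uc?export=download&id=1BPx9dF6DggO5Qb7FQa0lwTupTGugkBrY 200",
    "2024-05-27T10:12:07Z 10.0.0.9 GET https://drive.google.com/uc?export=download&id=0AbCdEfGhIjKlMnOpQrStUvWxYz 200",
    "2024-05-27T10:13:44Z 10.0.0.5 GET https://example.org/index.html 200",
]


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, streamed so large files are fine."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_iocs(digests, iocs=REPORT_IOCS):
    """Names of the hash algorithms whose value equals the report's indicator."""
    return sorted(alg for alg, value in iocs.items() if digests.get(alg) == value)


def sweep(directory, iocs=REPORT_IOCS):
    """Walk a directory tree and return {path: [matched algorithms]} for hits only."""
    hits = {}
    for path in Path(directory).rglob("*"):
        if path.is_file():
            matched = matches_iocs(hash_file(path), iocs)
            if matched:
                hits[str(path)] = matched
    return hits


def drive_file_id(url):
    """Extract the ?id= parameter from a Google Drive direct-download URL, or None."""
    parsed = urlparse(url)
    if parsed.hostname != "drive.google.com":
        return None
    ids = parse_qs(parsed.query).get("id")
    return ids[0] if ids else None


def proxy_hits(lines, file_id):
    """Return log lines whose URL field is a Google Drive download of the given file id."""
    hits = []
    for line in lines:
        for token in line.split():
            if "://" in token and drive_file_id(token) == file_id:
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in sweep(target).items():
        print(f"MATCH {path} ({', '.join(algs)})")
    wanted = drive_file_id(PAYLOAD_URL)
    print("Drive file id to hunt for:", wanted)
    for line in proxy_hits(SAMPLE_PROXY_LOG, wanted):
        print("PROXY HIT", line)
```

Run it with a directory path to sweep; matching on the file id rather than the full URL string also catches variants of the same download (for example a different `export=` parameter or a `usercontent` mirror would still need the same id), while an unrelated Drive download with another id is not flagged.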